In Pictures: Hacking Team's hack curated

Hacking Team, a firm best known for helping governments spy on their citizens, has been hacked. Here's a curated look at the documents, contracts, and code discovered by researchers sorting the data online.

Hacking Team Exposed
Specializing in surveillance technology, Hacking Team has gotten a lesson in how it feels to have outsiders monitoring their affairs, all while privacy advocates enjoy a bit of schadenfreude at their expense.
The following slides are a curated collection of documents and various technical elements that researchers and journalists have uncovered as the 400GB cache of data taken from Hacking Team is sorted. Included here are contracts, code examples, emails, and other items that offer an inside look at a company that has turned espionage into a business venture.

Twitter compromised
The message shown here was sent shortly after the Hacking Team account on Twitter was compromised. The attacker behind the incident is believed to be the same person that compromised another lawful interception company, Gamma International.

Email
Shortly after the Hacking Team account on Twitter was compromised, the attacker started to publish emails that were leaked as part of the 400GB cache of files.

Ethiopia
An email from a person linked to several domains allegedly tied to the Meles Zenawi Foundation (MZF), named after Ethiopia's Prime Minister until his death in 2012, was published as part of the cache of files taken from Hacking Team.
This is his email to the company thanking them for their help in getting to a high-value target. His email address was used to register several MZF domains, all of them using similar themes, suggesting a phishing campaign of sorts.

Contract with Ethiopia
This is a copy of the contract with Ethiopia, valued at $1,000,000 Birr (ETB). The contract is for Hacking Team's Remote Control System, professional services, and communications equipment. It's also possible the funds listed are in Euro.

VPN servers
Hacking Team assigned Anonymizers to customers to use. Here the accounts assigned to customers in Lebanon and Egypt are shown. The IPs are for VPN services in the U.S. and Germany.

VPS servers
This researcher discovered a list of VPS credentials, all of them using root as the username with randomly generated passwords.

Customer lists
The first of two slides. This is a list of Hacking Team customers with maintenance agreements. Here you can see who is active and who isn't.

Customer lists
The second of two slides. This is a list of Hacking Team customers with maintenance agreements. Here you can see who is active and who isn't. Note that Sudan and Russia are not officially supported - but they're clients.

Incident Response
Hacking Team's Christian Pozzi was personally exposed by the incident, as the security engineer's password store from Firefox was published as part of the massive data dump.
He took to Twitter and issued denials, and when those didn't work, he warned that the 400GB download contained viruses. Considering his company developed custom malware, it's a sure bet that the download does have viruses, as well as the source code to modify them.
His Twitter account was compromised, and later deactivated.

Exposed certs
An iOS Enterprise developer certificate used by Hacking Team.

IOC data?
Possible IOC data for some administrators running Linux.

Poor MySQL
Ht2015! is not the most secure option available for a MySQL database.

Strong passwords for everyone!
Another example of poor password policies.

Cats and kittens
Administrator password is "kittens".

0-Day burned
Flash 0-Day exploit working on Chrome.

Fake news apps
Fake applications discovered in the source code leaked as part of the 400GB cache.

Product lists
An example of the type of products offered by Hacking Team and their associated cost in Euro.

Product lists
An example of the type of products offered by Hacking Team and their associated cost in Euro.

Product lists
An example of the type of products offered by Hacking Team and their associated cost in Euro.

Product lists
An example of the type of products offered by Hacking Team and their associated cost in Euro.

Leaked code
Source code for a module that targets Bitcoin.

Leaked code
Source code for a demo tool; the paths point to fake child pornography videos. The source is for evidence collection, so it's likely not planting, but discovering.

Sales and financials
Total Hacking Team revenue by country in Euro.

Sales and financials
This is a list of their top ten customers based on order volume. Figures are in Euro.

Sudan
A contract with Sudan for €480,000. Hacking Team had recently told the UN that they had never done business with the country.
